When data is controlled by diverse stake-holders, privacy concerns may limit sharing. Loose federation can be an obstacle to dependability because lack of a global view can limit large-scale coordination and stability. Lack of a global view is one of the problems that contributed to the 2008 financial collapse. Ideally, an outside party could coordinate behavior, but this is often impossible: domains may be reluctant to share their local information. Differential privacy can mitigate these concerns -- it provides a strong, attractive privacy guarantee that protects data owners from risks associated disclosure of their data, but this guarantee can be hard to achieve in distributed settings. This project is developing practical tools for distributed private data analysis that can be used by non-experts in a variety of applications, allowing for important new analyses of distributed data. The project also includes substantial outreach activities, in the form of course development and workshop organization, and will train PhD students to be future leaders in the development of privacy technologies.

This project advances the practical theory of differential privacy in distributed settings. It has three main thrusts: 1) to extend the theory of differential privacy to work with relaxed guarantees, amenable to high-accuracy analyses when there are only a relatively small number of parties with limited ability to collude; 2) to develop programming languages and automatic verification tools capable of automatically certifying the differential privacy properties of distributed systems, in which each party has only partial access to the data; and 3) to develop tool chains to implement differentially private algorithms in distributed settings, using (among other technologies) secure multi-party computation as a computational substrate.

Project Start
Project End
Budget Start
Budget End
Support Year
Fiscal Year
Total Cost
Indirect Cost
University of Pennsylvania
United States
Zip Code